Contrib.social

authenticity verification of modules and core with SHA512 cheksums and developers' signatures?

Open on Drupal.org β†’
Created on 31 March 2015, about 10 years ago
Updated 8 May 2025, 2 days ago

Would it be possible to propose a more secure way for verifying authenticity of the files (drupal core and its modules) downloaded from drupal.org?

I mean in the same way like the Linux distributions offer, for example for debian images https://www.debian.org/CD/verify the SHA512 checksum and the files signed are available.

PS: sorry if it is not the good place to post, feel free to move my comment in another place.

✨ Feature request
Status

Postponed: needs info

Version

11.0 πŸ”₯

Component

other

Created by

πŸ‡³πŸ‡±Netherlands drupalycious

Live updates comments and jobs are added and updated live.
  • stale-issue-cleanup

    To track issues in the developing policy for closing stale issues, [Policy, no patch] closing older issues

Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment 2 days ago β†’
    πŸ‡ΊπŸ‡ΈUnited States smustgrave

    Thank you for sharing your idea for improving Drupal.

    We are working to decide if this proposal meets the Criteria for evaluating proposed changes. There hasn't been any discussion here for over 8 years which suggests that this has either been implemented or there is no community support. Your thoughts on this will allow a decision to be made.

    Since we need more information to move forward with this issue, the status is now Postponed (maintainer needs more info). If we don't receive additional information to help with the issue, it may be closed after three months.

    Thanks!

  • Comment 2 days ago β†’
    πŸ‡¬πŸ‡§United Kingdom longwave UK

    I think this should be closed as outdated, Automatic Updates β†’ uses PHP-TUF to improve supply chain security, see https://rugged.works/background/tuf_for_humans/ for more information.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024